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REMARKS 

Claims 1 through 78 are pending in the present application. Claims 1, 7, 8, 9, 10, 17, 18, 
19, 20, 26, 27, 28, 29, 35, 36, 37, 38, 44, 45, 46, 47, 55, 56, 57, 58, 65, 66, 67, 68, 75, and 77 are 
independent claims. Applicant proposes adding claims 79 and 80, which depend from claim 1, 
and independent claim 8 1 . 

All pending claims stand rejected under 35 U.S.C. § 103(a). 

Reconsideration is respectfriUy requested in view of the following remarks. 

Rejections Under 35 U.S.C. § 103 

Claims 1, 3-10, 12-20, 22-29, 31-38, 40-49, 51-59, 61-69 and 71-78 stand rejected under 
35 U.S.C. § 103(a) as allegedly being unpatentable over US Patent No. 6,668,322 Bl (hereinafter 
"Wood") in view of US Patent 6,035,404 (hereinafter "Zhao"). Claims 2, 1 1, 21, 30, 39, 50, 60 
and 70 stand rejected under 35 U.S.C. § 103(a) as allegedly being unpatentable over Wood in 
view of Zhao and US Patent No. 6,226,752 (hereinafter "Gupta"). 

Applicant respectfully submits that the Office cannot meet its legal burden to establish a 
prima facie case of obviousness of the amended claims under 35 U.S.C. § 103(a) based upon the 
cited references. Reconsideration is respectftiUy requested. 

In the patent specification. Applicant notes several features of existing systems: 

The statelesss nature of Hyper-Text Transfer Protocol 
(HTTP) is a disadvantage of any web application that runs on a 
server computer connected to a network and which uses HTTP to 
communicate with client web browsers. This is because the HTTP 
protocol is generally a stateless request/response protocol. That is, 
for every request generated by a user, the web application 
provides a response which typically includes one or more 
variables used by the application to identify the user and/or the 
session. In order to accomplish user and/or session management, 
these variables are returned with a subsequent request by the user. 
Without that, the HTTP protocol does not inform the server 
whether a series of consecutive requests are coming from the same 
web browser and/or user or different web browsers and/or users. 
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For any web application which uses HTTP protocol to 
communicate with a web browser, it is very important to ascertain 
whether consecutive requests come from the same web browser 
and/or user. To enable session as well as user management, prior 
web applications were designed to send one or more cookies as 
part of an initial response to a web browser. In turn, a web 
browser was required to return one or more cookies as part of the 
subsequent request. 

[B]oth software libraries and session objects have also been 
used to enable web applications to manage different users and/or 
sessions. The first approach provides two variables to a web 
application for each request to identify the session and user . The 
web application can then use either hash tables in memory, files on 
a file system or tables in a database system to keep the application 
states associated with each session and user. 

In contrast to these existing methods wherein multiple variables are used to identify the 
session and user. Applicant discloses performing user and session management wherein requests 
for an application instance "includes a single identifier for all requests from the user without 
further user and session application variables." 

Amended claim 1 recites as follows: 

A computer-impIemented_method for performing user and 
session management over a computer network, comprising: 

receiving in a first session_a first request from a user for an 
application instance, the first request comprising a single 
random number that uniquely identifies both a session and a 
user without additional user and session application variables; 
and 

transmitting an application instance response to the user 
based on stored user and session system information. 

In order to establish a prima facie case of obviousness, the references must teach all of the 
recited claim language and teach combining the references to form the recited combination. See 
M.P.E.P. § 2143.03 ("[t]o establish prima facie obviousness of a claimed invention, all the claim 
limitations must be taught or suggested by the prior art.") Applicant respectfully submits that 
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Wood and Zhao do not teach the claim language emphasized above, and, therefore, cannot 

possibly suggest the recited combination. 

In the Decision on Appeal, the Office has acknowledged that Zhao does not disclose the 

previously recited claim language of "the request including a single identifier used to identify 

both a session and a user for all user requests without further user and session application 

variables." ("We agree with the Appellant's contention that Zhao does not teach the argued 

limitation.") (Decision on Appeal at p. 7). Accordingly, Zhao similarly does not disclose the 

amended claim language which recites: 

the first request comprising a single random number 
that uniquely identifies both a session and a user without 
additional user and session application variables. 

The Board cited to Wood as allegedly relevant to the previously existing claim language. 
Applicant respectfully submits that the amended claim language distinguishes from the recited 
language. Wood teaches a system of the type that Applicants sought to improve upon. In 
particular. Wood teaches using nw separate identifiers, "session id" and "principal id," to 
identify a session and a user. (Wood, col. 8, 11. 9-25). Wood also describes that there are 
additional user session and application variables, namely, "a trust level, group ids, a creation 
time, and expiration time." 

In contrast with amended claim 1, Wood does not disclose "the first request comprising 
a single random number that uniquely identifies both a session and a user without 
additional user and session application variables." Wood discloses a method wherein a user 
request includes a session token. (Col. 10, 11. 30-36). According to Wood, the session token 
comprises a session id, a principal id, a trust level, group ids, a creation time and an expiration 
time. (Col. 8, 11. 9-12). But in contrast with the recited claim language, the session token as 
defined by Wood is not "a single random number that uniquely identifies both a session and 
a user without additional user and session application variables." Indeed, a session token 
comprising a session id, a principal id, a trust level, group ids, etc is not "a single random 
number" at all. Certainly, the session id, principal id, a trust level, group ids, etc. are not "a 
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single random number that uniquely identifies both a session and a user." Moreover, the 
session token of Wood comprising a session id, principal id, a trust level, group ids, etc. is not "a 
single random number that uniquely identifies both a session and a user without additional user 
and session application variables." Rather, the session token as disclosed by Wood is 
comprised of several variables relating to the user and session. 

Indeed, Wood actually teaches away from combining to form the recited combination. 
At column 8, lines 9-25, Wood describes using two separate identifiers within a session to 
identify the session and the user. In particular. Wood teaches using "session id" and "principal 
id." Also, Wood describes that there are additional user session and application variables, 
namely, "a trust level, group ids, a creation time, and expiration time." In Wood, the trust level 
is associated with the unique principal id and "serves as a basis for evaluating whether a 
principal associated with the session credentials has been authenticated to a sufficient level. . ." 
(emphasis added) (Col. 8, lines 26-30). If the same id were used for the session and user, it 
would not be possible to evaluate user authentication using the trust level, as required by Wood. 
Modifying Wood to include the "single identifier" and not a trust level would render Wood 
unsatisfactory for this intended purpose. Accordingly, Wood actually teaches away from a 
combination such as that recited in claim 1 . 

Therefore, because the cited references do not teach or suggest the emphasized language, 
even in combination the references do not disclose or suggest the combination recited in claim 1 . 
The Office cannot establish a prima facie case of obviousness of the amended claims under 35 
U.S.C. § 103(a) based upon the cited references. The other independent claims, while their 
claim language is different from that of claim 1 , are novel and non-obvious for reasons similar to 
those discussed above. 

Reconsideration and withdrawal of the rejections under 35 U.S.C. § 103 is respectfully 
requested. 

CONCLUSION 

The undersigned respectfully submits that pending claims are allowable and the 
application in condition for allowance. A Notice of Allowance is respectfully solicited. 



Page 27 of 28 



DOCKET NO.: **GP-0005 
Application No.: 09/812,634 
Office Action Dated: May 31, 2006 



PATENT 



Examiner Wood is invited to call the undersigned in the event a telephone conference 
would advance prosecution of this application. 



Date: July 23, 2010 /John E. McGIynn/ 

John E. McGIynn 
Registration No. 42,863 

Woodcock Washburn LLP 
Cira Centre 

2929 Arch Street, 12th Floor 
Philadelphia, PA 19104-2891 
Telephone: (215)568-3100 
Facsimile: (215) 568-3439 
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